Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
yaml-crypt
Advanced tools
Command line utility to encrypt and decrypt YAML documents.
The package is available on the npm registry, so just run
$ yarn global add yaml-crypt
$ yaml-crypt -h
You can also install the package locally:
$ mkdir yaml-crypt && cd yaml-crypt
$ yarn init --yes
$ yarn add yaml-crypt
$ ./node_modules/.bin/yaml-crypt -h
You can also use the Docker image:
$ docker run --rm autoapply/yaml-crypt -h
First you will need to generate a key file. Currently, both Fernet and Branca encryption schemes are supported.
To generate a new random key, run
$ yaml-crypt --generate-key > my-key-file
To encrypt all values in a YAML file, run
$ yaml-crypt -k my-key-file my-file.yaml
This will encrypt the file contents and rename the file to my-file.yaml-crypt
.
The operation will be performed based on the file extension, so to decrypt a file, just use
$ yaml-crypt -k my-key-file my-file.yaml-crypt
To specify an explicit operation, use -e
or -d
for encryption or decryption.
You can also encrypt only certain parts of a file. Given the following YAML file
apiVersion: v1
kind: Secret
data:
username: user1
password: secret123
you can use --path data
to only encrypt the values user1
and secret123
.
Kubernetes secrets are Base64 encoded, so you should also use the
--base64
(or-B
) option.
It is also possible to directly open encrypted files in an editor, decrypting them before opening and encrypting again when saving:
$ yaml-crypt -E my-file.yaml-crypt
When editing, you can add new encrypted data by specifying the yaml tag <!yaml-crypt>
:
unencrypted:
hello: world
encrypted:
key1: !<!yaml-crypt/:0> secret-key-1
# add the following line to add a new encrypted entry "key2" to the file,
# which will be encrypted in the yaml-crypt file:
key2: !<!yaml-crypt> secret123
The yaml-crypt command looks in ~/.yaml-crypt
for a file config.yaml
or config.yml
.
Currently, only the keys
property is supported. These keys will be used when no keys
are given on the command line:
$ cat ~/.yaml-crypt/config.yaml
keys:
- key: my-raw-key-data
- key: !!binary my-base64-key-data
$ yaml-crypt my-file.yaml
All whitespaces at the beginning and end of keys will be removed when reading keys.
The yaml-crypt tool is licensed under the MIT License
FAQs
Encrypt and decrypt YAML documents
The npm package yaml-crypt receives a total of 4 weekly downloads. As such, yaml-crypt popularity was classified as not popular.
We found that yaml-crypt demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.